vidar | 39bee43ddd3e75352c918e0554acaf8d8e78f0765678a0ab704513ca18822a66

Analysis

Target

39BEE43DDD3E75352C918E0554ACAF8D8E78F0765678A.exe
Size

545KB
MD5

f75d3f9245837bf525c550af11676322
SHA1

3787b1420765f1839f072c3139220ac9a69acbb2
SHA256

39bee43ddd3e75352c918e0554acaf8d8e78f0765678a0ab704513ca18822a66
SHA512

7c825fbef7205331f186326464bc89c5ac2ee7fc3065edf382e0ed684c7807a738aff652c53248502781b4ee5854f54b72d357c318e1b4a12066100dc37128e2

Score

10^/10

Family

vidar

Version

26.1

Botnet

237

http://centos10.com/

Attributes

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata

Vidar Stealer 2 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/1580-56-0x00000000002A0000-0x0000000000329000-memory.dmp	family_vidar
behavioral1/memory/1580-57-0x0000000000400000-0x000000000088B000-memory.dmp	family_vidar

C:\Users\Admin\AppData\Local\Temp\39BEE43DDD3E75352C918E0554ACAF8D8E78F0765678A.exe
"C:\Users\Admin\AppData\Local\Temp\39BEE43DDD3E75352C918E0554ACAF8D8E78F0765678A.exe"
1⤵
PID:1580

memory/1580-54-0x0000000076811000-0x0000000076813000-memory.dmp

Filesize
8KB

Download
memory/1580-55-0x000000000091B000-0x0000000000972000-memory.dmp

Filesize
348KB

Download
memory/1580-56-0x00000000002A0000-0x0000000000329000-memory.dmp

Filesize
548KB

Download
memory/1580-57-0x0000000000400000-0x000000000088B000-memory.dmp

Filesize
4.5MB

Download
memory/1580-58-0x000000000091B000-0x0000000000972000-memory.dmp

Filesize
348KB

Download